US8046823B1ActiveUtility

Secure application bridge server

98
Assignee: STAMPS COM INCPriority: Oct 3, 2006Filed: Oct 3, 2006Granted: Oct 25, 2011
Est. expiryOct 3, 2026(~0.2 yrs left)· nominal 20-yr term from priority
G06F 21/335H04L 63/0815H04L 63/0884
98
PatentIndex Score
330
Cited by
43
References
47
Claims

Abstract

Systems and methods are provided which implement a bridge server to provide user access to one or more secure applications. A bridge server of embodiments is disposed between a user and a secure application and invokes bridge server security protocols with respect to the user and secure application security protocols with respect to the secure application. In operation according to embodiments, client applications will link into a bridge server, the user will be authenticated by the bridge server, and a valid user will be correlated to an account of the secure application by the bridge server. Bridge servers of embodiments facilitate providing features with respect to secure application user access unavailable using the secure application security protocols.

Claims

exact text as granted — not AI-modified
1. A method comprising:
 receiving, at a bridge server, a login request from one of a plurality of users, wherein each of said plurality of users are associated with a same entity and each have respective user credentials; 
 validating, by said bridge server, user credentials of said user requesting said login; 
 identifying, by said bridge server, a secure application account of said entity that is associated with at least one secure application; 
 determining, by said bridge server, entity credentials that grant the entity certain rights to said entity's secure application account; 
 mapping, by said bridge server, said user credentials to said entity credentials; and 
 managing, by said bridge server, interaction of said user with said at least one secure application for performing activity involving use of the secure application account on behalf of said entity, wherein said managing comprises providing at least one value-added service not available from unmapped use of the entity credentials, and said managing further comprises storing status data indicating current usage by said plurality of users of the secure application account. 
 
     
     
       2. The method of  claim 1  wherein said at least one secure application comprises a postal application. 
     
     
       3. The method of  claim 1  wherein said entity credentials comprises postal meter account credentials. 
     
     
       4. The method of  claim 1  wherein said secure application account comprises a value account. 
     
     
       5. The method of  claim 1  wherein said at least one value-added service comprises:
 determining what of said certain rights that are granted to the entity are granted to said user; and 
 managing said interaction of said user with said at least one secure application consistent with the determined rights that the user is granted. 
 
     
     
       6. The method of  claim 5  wherein said user is granted a subset of said certain rights that are granted to the entity. 
     
     
       7. The method of  claim 5  wherein said at least one secure application comprises a postal application. 
     
     
       8. The method of  claim 5  wherein said mapping specifies what of said certain rights that are granted to the entity are granted to said user. 
     
     
       9. The method of  claim 1  wherein said at least one value-added service comprises:
 monitoring use of the secure application account on a per user basis. 
 
     
     
       10. The method of  claim 1  wherein said at least one value-added service comprises:
 storing information detailing respective use of the secure application account by said user. 
 
     
     
       11. The method of  claim 1  wherein said at least one value-added service comprises:
 generating a report showing use of the secure application account on a per user basis. 
 
     
     
       12. The method of  claim 11  wherein said at least one secure application comprises a postal application. 
     
     
       13. The method of  claim 1  further comprising:
 disposing said bridge server in a communication path between at least one client device and said at least one secure application. 
 
     
     
       14. The method of  claim 13  wherein disposing said bridge server in said communication path comprises:
 isolating said at least one secure application from said at least one client device such that any communication between said at least one client device and said at least one secure application passes through said bridge server. 
 
     
     
       15. The method of  claim 13  wherein said communication path comprises a public network. 
     
     
       16. The method of  claim 13  wherein said at least one client device comprises a plurality of client devices that comprise:
 a first group of client devices adapted to implement protocols supported by said at least one secure application; and 
 a second group of client devices adapted to implement protocols supported by said bridge server. 
 
     
     
       17. The method of  claim 16  further comprising:
 providing data tunneling through said bridge server to said at least one secure application for said first group of client devices. 
 
     
     
       18. The method of  claim 1  further comprising:
 initiating, by said bridge server, a reregistration process on behalf of said user. 
 
     
     
       19. The method of  claim 1  further comprising:
 emulating, by said bridge server, operation of a client device adapted to implement protocols supported by said at least one secure application. 
 
     
     
       20. The method of  claim 1  further comprising:
 combining, by said bridge server, transactions supported by said at least one secure application to define additional transactions available to said users. 
 
     
     
       21. A system comprising:
 a bridge server disposed in a communication path between at least one client device and at least one secure application; 
 wherein said bridge server is communicatively coupled to a bridge database containing information mapping, for each of a plurality of users who each have respective user credentials and are associated with a same entity having entity credentials that grant the entity certain rights to a secure application account of said entity, said user credentials to said entity credentials; and 
 wherein said bridge server is configured to facilitate access by said plurality of users to said at least one secure application for conducting activity involving use of the secure application account through use of said entity credentials, while maintaining unique identification of each of said users who are so accessing the at least one secure application; 
 wherein said bridge server is configured to receive a login request from one of said plurality of users using said at least one client device, validate user credentials of said user requesting said login, and determine said mapping of said user credentials to said entity credentials; 
 wherein said bridge server is configured to manage interaction of said user with said at least one secure application through use of said entity credentials for performing activity involving use of the secure application account on behalf of said entity; 
 wherein said bridge server is configured to provide at least one value-added service not available from use of the entity credentials unmapped to said user credentials; and 
 wherein said bridge server is configured to store status data indicating current usage by said plurality of users of the secure application account. 
 
     
     
       22. The system of  claim 21  wherein said at least one value-added service comprises:
 determining what of said certain rights that are granted to the entity are granted to a given one of said users; and 
 managing said interaction of said given one of the users with said at least one secure application consistent with the determined rights that the given one of the users is determined as granted. 
 
     
     
       23. The system of  claim 22  wherein said given one of the users is granted a subset of said certain rights that are granted to the entity. 
     
     
       24. The system of  claim 22  wherein said at least one secure application comprises a postal application. 
     
     
       25. The system of  claim 22  wherein said mapping specifies what of said certain rights that are granted to the entity are granted to each of said users. 
     
     
       26. The system of  claim 21  wherein said at least one value-added service comprises:
 monitoring use of the secure application account on a per user basis. 
 
     
     
       27. The system of  claim 21  wherein said at least one value-added service comprises:
 storing information detailing respective use of the secure application account by each of said users. 
 
     
     
       28. The system of  claim 21  wherein said at least one value-added service comprises:
 generating a report showing use of the secure application account on a per user basis. 
 
     
     
       29. The system of  claim 28  wherein said at least one secure application comprises a postal application. 
     
     
       30. The system of  claim 21  wherein said at least one client device utilizes standardized security protocols and said at least one secure application utilizes proprietary security protocols. 
     
     
       31. The system of  claim 30  wherein said at least one client device comprises a web browser. 
     
     
       32. The system of  claim 21  wherein said bridge database comprises information correlating transaction requests between a protocol used by said at least one client device and a protocol used by said at least one secure application. 
     
     
       33. The system of  claim 32  wherein said correlation of transaction requests combines transactions of said protocol used by said at least one secure application to define a transaction of said protocol used by said at least one client device. 
     
     
       34. The system of  claim 21  wherein said bridge database comprises:
 a user database, said user database comprising user identification and password information; 
 an application link database, said application link database comprising user identification information and secure application account identification information; and 
 a secure application account database, said secure application account database comprising secure application account identification information and secure application account credentials. 
 
     
     
       35. The system of  claim 21  wherein said bridge server provides a data tunnel to accommodate interaction between one or more of said at least one client that is adapted to directly interact with said at least one secure application through said bridge server. 
     
     
       36. The system of  claim 21  wherein said at least one secure application comprises a postal application and said bridge database comprises postal meter account credentials. 
     
     
       37. The system of  claim 21  wherein said communication path comprises a public network. 
     
     
       38. The system of  claim 21  wherein said at least one secure application comprises a postal application and wherein said secure application account comprises a value account. 
     
     
       39. A method comprising:
 receiving, at a bridge server, a login request from one of a plurality of users, wherein each of said plurality of users are associated with a same entity and each have respective user credentials; 
 validating, by said bridge server, user credentials of said user requesting said login; 
 identifying, by said bridge server, a secure application account of said entity that is associated with at least one secure application; 
 determining, by said bridge server, entity credentials that grant the entity certain rights to said entity's secure application account; 
 mapping, by said bridge server, said user credentials to said entity credentials, wherein said mapping comprises determining what of said certain rights that are granted to the entity are granted to said user; and 
 managing, by said bridge server, interaction of said user with said at least one secure application for performing activity involving use of the secure application account on behalf of said entity consistent with the determined rights that the user is granted, wherein said managing comprises providing at least one value-added service not available from unmapped use of the entity credentials, and said managing further comprises storing status data indicating current usage by said plurality of users of the secure application account. 
 
     
     
       40. The method of  claim 39  wherein said at least one secure application comprises a postal application. 
     
     
       41. The method of  claim 39  wherein said entity credentials comprises postal meter account credentials. 
     
     
       42. The method of  claim 39  wherein said secure application account comprises a value account. 
     
     
       43. The method of  claim 39  wherein said user is granted a subset of said certain rights that are granted to the entity. 
     
     
       44. The method of  claim 39  wherein said managing further comprises:
 monitoring use of the secure application account on a per user basis. 
 
     
     
       45. The method of  claim 39  wherein said managing further comprises:
 storing information detailing respective use of the secure application account by said user. 
 
     
     
       46. The method of  claim 39  wherein said managing further comprises:
 generating a report showing use of the secure application account on a per user basis. 
 
     
     
       47. The method of  claim 46  wherein said at least one secure application comprises a postal application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.